The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Facebook users just Beware!! Don’t click any porn links on Facebook. Foremost reason is that you have thousands of good porn sites out there, but there's an extra good reason right now. Rogue pornography links on the world’s most popular social network have reportedly infected over 110,000 Facebook users with a malware Trojan in just two days and it is still on the rise, a security researcher warned Friday. The Facebook malware disguised as a Flash Player update and spreads itself by posting links to a pornographic video from the Facebook accounts of previously infected users. The malware generally tags as many as 20 friends of the infected user . "In the new technique, which we call it ' Magnet ,' the malware gets more visibility to potential victims by tagging the friends of the victim in the malicious post," said Mohammad Faghani, a senior consultant at PricewaterhouseCoopers, in a mailing list post to the Full Disclosure infosec hangout.  "A tag may...

After the disclosure of extremely critical GHOST vulnerability in the GNU C library (glibc) — a widely used component of most Linux distributions, security researchers have discovered that PHP applications, including the WordPress Content Management System (CMS), could also be affected by the bug. " GHOST " is a serious vulnerability ( CVE-2015-0235 ), announced this week by the researchers of California-based security firm Qualys, that involves a heap-based buffer overflow in the glibc function name - "GetHOSTbyname()." Researchers said the vulnerability has been present in the glibc code since 2000. Though the major Linux distributors such as Red Hat , Debian and Ubuntu , have already updated their software against the flaw, GHOST could be used by hackers against only a handful of applications currently to remotely run executable code and silently gain control of a Linux server. As we explained in our previous article, heap-based buffer overflow was found ...

Last week, the most popular mobile messaging application WhatsApp finally arrived on the web — dubbed WhatsApp Web , but unfortunately it needs some improvements in its web version. An independent 17-year-old security researcher Indrajeet Bhuyan reported two security holes in the WhatsApp web client that in some way exposes its users’ privacy. Bhuyan called the first hole, WhatsApp photo privacy bug and the other WhatsApp Web Photo Sync Bug. Bhuyan is the same security researcher who reported us the vulnerability in the widely popular mobile messaging app which allowed anyone to remotely crash WhatsApp by sending a specially crafted message of just 2kb in size, resulting in the loss of conversations. Whatsapp Photo Privacy Bug According to him, the new version of WhatsApp Web allows us to view a user’s profile image even if we are not on the contact list of that user. Even if the user has set the profile image privacy setting to " Contacts Only ," the pro...

Back in November, Mozilla teamed-up with Tor Project under a new initiative called Polaris , in order to help reduce finite number of Tor connections occurring at the same time by adding high-capacity Tor middle relays to the Tor network , and now the company is ready with its first Tor Middle relays. The Firefox maker has given the Tor network a high-capacity middle relays with the launch of 12 relays , all located in the United States, that will help distribute user traffic; the Tor browser is a great way to keep prying eyes from tracking you. Mozilla is one of the most trusted companies on the internet, particularly when it comes to user privacy. The partnership of Mozilla and Tor aimed at providing more privacy features to Firefox browser, and increased Tor network support. The Polaris Privacy Initiative was an effort of Mozilla, the Tor Project and the Center of Democracy and Technology — an advocacy group for digital rights, in order to help build more privacy ...

The makers of ultra secure BlackPhone titled by Silent Circle as, " world’s first Smartphone which places privacy and control directly in the hands of its users ," have recently fixed a critical vulnerability in the instant messaging application that allows hackers to run malicious code on the handsets. BlackPhone was also hacked last year at the BlackHat security conference , but the interesting factor about the recent hack was that the attackers only needed to send just a message on a targeted phone number in order to compromise the device. The vulnerability was first discovered and disclosed by Mark Dowd , a principal security researcher at the Australia-based consultancy firm Azimuth Security. Dowd discovered the issue late in 2014, but waited to disclose it until Blackphone got their patches and fixes in place. The flaw actually resides in Silent Text application — the secure text messaging application bundled with the BlackPhone handsets, which is al...

​Researchers have uncovered a new evidence that a powerful computer program discovered last year, called " Regin ", is "identical in functionality" to a piece of malware used by the National Security Agency  (NSA) and its Five Eyes allies . REGIN MALWARE "Regin" is a highly advanced, sophisticated piece of malware the researchers believe was developed by nation state to spy on a wide-range of international targets including governments, infrastructure operators and other high-profile individuals since at least 2008. Regin was first discovered in November 2014 by the researchers at antivirus software maker Symantec and was said to be more sophisticated than both Stuxnet and Duqu . The malware alleged to have been used against targets in Algeria, Afghanistan, Belgium, Brazil, Fiji, Germany, Iran, India, Indonesia, Kiribati, Malaysia, Pakistan, Russia and Syria, among others. The recent evidence comes from the journalists at Der Spiege...

A highly critical vulnerability has been unearthed in the GNU C Library (glibc) , a widely used component of most Linux distributions, that could allow attackers to execute malicious code on servers and remotely gain control of Linux machines. The vulnerability, dubbed " GHOST " and assigned CVE-2015-0235 , was discovered and disclosed by the security researchers from Redwood Shores, California-based security firm Qualys on Tuesday. CRITICAL AS HEARTBLEED AND SHELLSHOCK GHOST is considered to be critical because hackers could exploit it to silently gain complete control of a targeted Linux system without having any prior knowledge of system credentials (i.e. administrative passwords). Also Read:  Top Best Password Managers . The flaw represents an immense Internet threat, in some ways similar to the Heartbleed ,   Shellshock   and Poodle   bugs that came to light last year. WHY GHOST ? The vulnerability in the GNU C Library (glibc) is dubbe...